## AFWall+ CustomScript & some tweaks
## Mike Kuketz
## www.kuketz-blog.de
## Changes: 25.09.2018
##
## iptables -L
## iptables -S
## iptables -L -t nat

####################
# iptables #
####################
IPTABLES=/system/bin/iptables
IP6TABLES=/system/bin/ip6tables

#####################
# Special Rules #
#####################
# delete special rules
$IPTABLES -t nat -D OUTPUT -p tcp --dport 123 -j DNAT --to-destination <dest_NTP_IP>:123
$IPTABLES -t nat -D OUTPUT -p udp --dport 123 -j DNAT --to-destination <dest_NTP_IP>:123
$IPTABLES -t nat -D OUTPUT ! -s w.x.y.z/xy -p tcp --dport 53 -j DNAT --to-destination <dest_DNS_IP>:53
$IPTABLES -t nat -D OUTPUT ! -s w.x.y.z/xy -p udp --dport 53 -j DNAT --to-destination <dest_DNS_IP>:53

# custom NTP-Server: <dest_NTP_IP>
$IPTABLES -t nat -A OUTPUT -p tcp --dport 123 -j DNAT --to-destination <dest_NTP_IP>:123
$IPTABLES -t nat -A OUTPUT -p udp --dport 123 -j DNAT --to-destination <dest_NTP_IP>:123

# custom DNS server <dest_DNS_IP> for all networks except home (w.x.y.z/xy)
$IPTABLES -t nat -I OUTPUT ! -s w.x.y.z/xy -p tcp --dport 53 -j DNAT --to-destination <dest_DNS_IP>:53
$IPTABLES -t nat -I OUTPUT ! -s w.x.y.z/xy -p udp --dport 53 -j DNAT --to-destination <dest_DNS_IP>:53
